IN THE CLAIMS 

What is claimed is: 



1 1 ./A computer software product including one or more recordable media having 

2 / executable instructions stored thereon which, when executed by a processing 

3 device, causes the processing device to: 

4 strengthen a first antecedent label for an edge in an assertion graph. 

1 2. The computer software product recited in Claim 1 which, when executed by a 

2 processing device, further causes the processing device to: 

3 abstract a second antecedent label to produce the first antecedent label. 

1 3. The computer software product recited in Claim 1 wherein strengthening the 

2 antecedent label comprises causing the processing device to: 

3 join any pre-images for antecedent labels of outgoing edges from the 

4 edge in the assertion graph; and 

5 keep in the strengthened antecedent label for the edge only what is 

6 already contained by the first antecedent label for the edge and also 

7 contained by the joined pre-images for antecedent labels of outgoing edges 

8 from the edge. 

1 4. The computer software product recited in Claim 1 which, when executed by a 

2 processing device, further causes the processing device to: 

3 compute a simulation relation for the edge from the strengthened 

4 antecedent label; and 

5 compare the simulation relation for the edge to a consequence label for 

6 the edge. 

1 5. The computer software product recited in Claim 4 wherein computing the 

2 simulation relation comprises causing the processing device to: 
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3 identify in the strengthened antecedent label of the edge any states that 

4 are also contained by a post-image for a simulation relation of an edge 

5 incoming to the edge in the assertion graph; and 

6 join to the simulation relation for the edge, the identified states. 

1 6. The computer software product recited in Claim 4 wherein comparing the 

2 simulation relation to a consequence label comprises causing the processing 

3 device to: 

4 determine whether the simulation relation for the edge is contained by the 

5 consequence label for the edge. 

1 7. The computer software product recited in Claim 4 wherein comparing the 

2 simulation relation to a consequence label comprises causing the processing 

3 device to: 

4 negate a Boolean expression of the simulation relation for the edge, and: 

5 logically combine the negated Boolean expression with a Boolean 

6 expression of the consequence label for the edge using a logical OR 

7 operation. 

1 8. The computer software product recited in Claim 4 wherein computing a 

2 simulation relation for the edge from the strengthened antecedent label 

3 comprises causing the processing device to: 

4 compute a simulation relation abstraction for the edge; and 

5 concretize the simulation relation abstraction for the edge to produce the 

6 simulation relation for the edge. 

1 9. The computer software product recited in Claim 8 wherein computing a 

2 simulation relation for the edge from the strengthened antecedent label 

3 further comprises causing the processing device to: 

4 abstract the strengthened antecedent label to produce an antecedent 
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5 label abstraction for the edge; and 

6 use the antecedent label abstraction to compute the simulation relation 

7 abstraction for the edge. 

1 1(^A method comprising: 

2 * strengthening a first antecedent label for an edge in an assertion graph; 

1 1 1 .The method recited in Claim 10 wherein strengthening the antecedent label 

2 comprises: 

3 joining pre-images of antecedent labels of any outgoing edges from the 

4 edge in the assertion graph; and 

5 keeping, in the strengthened antecedent label for the edge, states already 

6 contained by the first antecedent label for the edge and also contained by the 

7 joined pre-images of antecedent labels of any outgoing edges from the edge. 

1 12. The method recited in Claim 10 wherein the first antecedent label is one of a 

2 plurality of antecedent labels including a second antecedent label encoded 

3 along with the first antecedent label into a third antecedent label by a 

4 symbolic indexing function. 

1 13. The method recited in Claim 10 further comprising: 

2 computing a simulation relation for the edge from the strengthened 

3 antecedent label; and 

4 comparing the simulation relation for the edge to a consequence label for 

5 the edge. 

1 14. The method recited in Claim 13 wherein comparing the simulation relation to 

2 a consequence label comprises: 

3 determining whether the simulation relation for the edge is contained by 

4 the consequence label for the edge. 
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1 15. The method recited in Claim 13 wherein comparing the simulation relation to 

2 a consequence label comprises: 

3 negating a Boolean expression of the simulation relation for the edge, 

4 and: 

5 logically combining the negated Boolean expression with a Boolean 

6 expression of the consequence label for the edge using a logical OR 

7 operation. 

1 method comprising: 

2 computing a first simulation relation for an edge in a first assertion graph 

3 from a first antecedent label for the edge; 

4 computing a second simulation relation for the edge from a concretization 

5 function applied to the first simulation relation for the edge; and 

6 comparing the second simulation relation for the edge with a 

7 consequence label for a corresponding edge in a second assertion graph to 

8 see if the second simulation relation is contained by the consequence label. 

1 17. The method recited in Claim 16 further comprising: 

2 computing the first antecedent label as an abstraction of a second 

3 antecedent label for the corresponding edge in the second assertion graph. 

1 18. The method recited in Claim 17 further comprising: 

2 computing the second antecedent label by strengthening a third 

3 antecedent label for the edge in the second assertion graph. 

1 19. The method recited in Claim 16 further comprising: 

2 computing a third antecedent label for the edge in the first assertion graph 

3 as an abstraction of a second antecedent label for the corresponding edge in 

4 the second assertion graph; and 
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5 computing the first antecedent label by strengthening the third antecedent 

6 label for the edge in the first assertion graph. 

1 ^(jK verification system comprising: 

2 means for strengthening an first antecedent label for an edge in an 

3 assertion graph; 

1 21 .The verification system of Claim 20 wherein the means for strengthening the 

2 antecedent label comprises: 

3 means for joining any pre-images for antecedent labels of outgoing edges 

4 from the edge in the assertion graph; and 

5 means for keeping, in the strengthened antecedent label for the edge, 

6 states already contained by the first antecedent label for the edge and also 

7 contained by the joined pre-images for antecedent labels of outgoing edges 

8 from the edge. 

1 22. The verification system of Claim 20 wherein the first antecedent label is one 

2 of a plurality of antecedent labels including a second antecedent label 

3 encoded along with the first antecedent label into a third antecedent label by 

4 a symbolic indexing function. 

1 23. The verification system of Claim 20 further comprising: 

2 means for computing a simulation relation for the edge from the 

3 strengthened antecedent label; and 

4 means for comparing the second simulation relation for the edge with a 

5 consequence label for a corresponding edge in a second assertion graph to 

6 check if the second simulation relation is contained by the consequence 

7 label. 

1 24. The verification system of Claim 23 wherein the means for comparing the 

2 simulation relation to a consequence label comprises: 
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3 means for determining whether the simulation relation for the edge is 

4 contained by the consequence label for the edge. 

1 2j8^A verification system comprising: 

2 / means for computing a first simulation relation for an edge in a first 

3 assertion graph from a first antecedent label for the edge; 

4 means for computing a second simulation relation for the edge from a 

5 concretization function applied to the first simulation relation for the edge; and 

6 means for comparing the second simulation relation for the edge with a^ 

7 consequence label for a corresponding edge in a second assertion graph to 

8 see if the second simulation relation is contained by the consequence label. 

1 26. The verification system of Claim 26 further comprising: 

2 means for computing the first antecedent label as an abstraction of a 

3 second antecedent label for the corresponding edge in the second assertion 

4 graph. 

1 27. The verification system of Claim 27 further comprising: 

2 means for computing the second antecedent label by strengthening a 

3 third antecedent label for the edge in the second assertion graph. 

1 28. The verification system of Claim 26 further comprising: 

2 means for computing a third antecedent label for the edge in the first 

3 assertion graph as an abstraction of a second antecedent label for the 

4 corresponding edge in the second assertion graph; and 

5 means for computing the first antecedent label by strengthening the third 

6 antecedent label for the edge in the first assertion graph. 

1 ^9. A verification system comprising: 

2 a recordable medium to store executable instructions; 

3 a processing device to execute instructions; and 
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4 a plurality of executable instructions that when executed by the processing 

5 device, cause the processing device to strengthen a antecedent label for an 

6 edge in an assertion graph. 

1 30. The verification system of Claim 4 wherein the plurality of executable 

2 instructions, when executed by the processing device, further cause the 

3 processing device to: 

4 compute a first simulation relation for the edge; and 

5 concretize the first simulation relation computed for the edge to produce a 

6 second simulation relation for the edge. 
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